Escalating DNS attacks have domain name steward worried

The keeper of the internet’s ‘phone book’ is urging a speedy adoption of security-enhancing DNS specifications

The Internet Corporation for Assigned Names and Numbers (ICANN) – which supervises the Domain Name System (DNS) – is urging all DNS stakeholders to do their parts in order to enhance the security of one of the internet’s foundations.

The statement, adopted at an emergency meeting late last week, comes on the heels of reports that the DNS servers for a variety of prominent targets across the world have been subject to a rash of attacks known as DNS hijacking attacks. [To learn more about various types of DNS-based attacks, head over to this article.]

According to the organization that oversees the DNS ecosystem, these incidents represent “an ongoing and significant risk to key parts” of the system’s infrastructure. In January of this year, the United States’ Department of Homeland Security also sounded the alarm about the attacks.

By translating human-friendly domain names to computer-friendly IP addresses, DNS is central to the internet’s fabric. In other words, with DNS we only need to remember the name of the site we want to visit, rather than the relevant IP address. If the system’s security is compromised, however, cybercriminals can, for example, divert our traffic to any online venue instead of the intended destination, often with the aim of stealing personal data.

To foil attacks that tamper with the DNS infrastructure, ICANN is now urging domain owners and DNS services to deploy a set of specifications called Domain Name System Security Extensions (DNSSEC). At present, the implementation rate of specifications that ensure the validity of the data by digitally signing it is less than 20 percent, according to information from APNIC.

“Although DNSSEC cannot solve all forms of attack against the DNS, when it is used, unauthorized modification to DNS information can be detected, and users are blocked from being misdirected,” said ICANN.